One reason people switch to Linux is to have better security. Once you switch to Linux, the thinking goes, you no longer have to worry about viruses and other types of malware. But while this is largely true in practice, desktop Linux isn’t actually all that secure.
If a virus wants to wreck shop on your free and open source desktop, there’s a good chance that it can.
Why Malware Is Less Common on Linux Desktops
Malware is unwanted code that somehow made its way onto your computer in order to perform functions designed with malicious intent. Sometimes these programs slow down a machine or cause it to crash entirely. The creators may then demand a ransom in order to fix the machine.
Sometimes malware uploads information to remote servers, giving someone access to your saved data or vital credentials that you type, such as passwords and credit card numbers.
People tend to create malware for Windows because that’s the operating system found on the most PCs. This increases the odds that a virus will spread from one computer to another.
Virus makers tend to target less technical users that are easier to fool with bogus web banners and phishing scams. Viruses also spread among people who know how to pirate music and TV shows but don’t understand how these files may be infected.
There are antivirus programs for Linux, but even their purpose is often to help protect Windows users.
Linux Desktop Malware Exists, But It’s Rare
One piece of malware has recently made news for targeting the Linux desktop. EvilGNOME runs on the GNOME desktop environment by pretending to be an extension.
GNOME is the most common Linux desktop environment, found as the default interface on two of the most popular Linux distros, Ubuntu and Fedora, and on computers that ship directly from Linux manufacturers such as System76 and Purism. Legitimate extensions allow you to alter many aspects of the GNOME desktop.
The malware known as EvilGNOME is able to take screenshots and record audio from your PC’s microphone. It can also upload your personal files. A more detailed breakdown is available in a report by Intezer Labs, who gave EvilGNOME its name.
This malware didn’t attract attention for being particularly likely to impact large numbers of people. It was considered newsworthy because it existed at all.
Most Linux Malware Targets Servers
Linux is relatively rare on desktops, but it’s the most prominent operating system found on servers powering the web and managing much of the world’s digital infrastructure.
Many attacks target websites rather than PCs. Hackers often look for vulnerabilities in network daemons that they can use to gain access to Linux-powered servers. Some will install a malicious script on a server that then targets visitors rather than the system itself.
Hacking Linux-powered machines, whether they are servers or IoT devices, is one way to go about infecting the web or creating botnets.
Linux’s Design Is Not Inherently Secure
Desktop Linux in its current form is hardly a fortress. Compared to Windows XP, where malicious software could gain administrator access without prompting for a password, Linux offered much better security. These days, Microsoft has made changes to close that gap. Since Vista, Windows has issued a prompt.
Yet fretting about the security of system files almost misses the point. Most of the data we care about isn’t saved in our root system folders. It’s the personal data in our home directory that’s irreplaceable and most revealing. Software on Linux, malicious or otherwise, doesn’t need your password to access this data and share it with others.
User accounts can also run scripts that activate your microphone, turn on your webcam, log key presses, and record what happens onscreen.
In other words, it almost doesn’t matter how secure the Linux kernel is, or the safeguards surrounding various system components, if it’s the vulnerabilities in apps and the desktop environment that can put the data you care most about at risk.
EvilGNOME doesn’t install itself among your system files. It lurks in a hidden folder in your home directory. On the positive side, that makes it easier to remove. But you have to first know it’s there.
4 Reasons Why Linux Is Relatively Safe to Use
While Linux isn’t immune to exploits, in day-to-day use, it still provides a much safer environment than Windows. Here are a few reasons why.
1. Multiple Distros, Environments, and System Components
App developers have a hard time developing for Linux because there are so many versions to support. The same challenge faces malware creators. What’s the best way to infiltrate someone’s computer? Do you sneak code in the DEB or RPM format?
You may try to exploit a vulnerability in the Xorg display server or in a particular window compositor, only to find that users have something else installed.
2. App Stores and Package Managers Shield Linux Users
Traditional Linux package management systems put app maintainers and reviewers between users and their software source. As long as you get all of your software from these trusted sources, you’re very unlikely to run into anything malicious.
Avoid copying and pasting command line instructions to install software, especially when you don’t know exactly what the command is doing and you’re unsure of the source.
3. Newer Technologies Actively Consider Security
New app formats like Flatpak and Snap introduce permissions and sandboxing, limiting what apps can access. The new Wayland display server can prevent apps from taking screenshots or recording what happens onscreen, making it harder to exploit.
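A sandbox only protects what an app's permissions leave out, so it is worth checking which grants an installed Flatpak actually carries. The script below is an added example, not from the original article: it parses the output of `flatpak info --show-permissions` and flags grants that reopen access to home-directory files, the X11 screen, the microphone, or the webcam. The function names, the choice of which grants to flag, and the sample metadata are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Flatpak grants that undo the sandbox for personal data.
# Function names and the sample metadata are constructed for illustration.

# Reads the output of `flatpak info --show-permissions APP` on stdin and
# prints one line per risky grant found in its [Context] section.
audit_flatpak_perms() {
    awk -F= '
        /^\[/ { ctx = ($0 == "[Context]"); next }
        !ctx || NF < 2 { next }
        {
            n = split($2, vals, ";")
            for (i = 1; i <= n; i++) {
                v = vals[i]; why = ""
                if ($1 == "filesystems" && v ~ /^(home|host)(:.*)?$/)
                    why = "can read personal files in the home directory"
                else if ($1 == "sockets" && v == "x11")
                    why = "X11 lets a client capture the screen and key presses"
                else if ($1 == "sockets" && v == "pulseaudio")
                    why = "audio socket also allows microphone recording"
                else if ($1 == "devices" && v == "all")
                    why = "all device nodes, webcams included"
                if (why != "") print $1 "=" v ": " why
            }
        }'
}

# Runs the audit over every installed Flatpak app (requires flatpak).
audit_installed_apps() {
    flatpak list --app --columns=application | while read -r app; do
        flatpak info --show-permissions "$app" </dev/null | audit_flatpak_perms |
            while read -r finding; do printf '%s: %s\n' "$app" "$finding"; done
    done
}

# Constructed sample of an app's permission metadata.
SAMPLE_METADATA='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home:ro;xdg-download;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

printf '%s\n' "$SAMPLE_METADATA" | audit_flatpak_perms
```

On a machine with Flatpak installed, call `audit_installed_apps` to get the same findings prefixed with each application ID.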
4. The Source Code Is Open for Anyone to Read
The primary advantage of Linux comes from being able to view the code. Since Linux is open source rather than proprietary, you don’t have to worry about the desktop itself working against you, acting as spyware itself or suffering from exploits that haven’t been disclosed for commercial reasons.
Even if you can’t make sense of the code, you can read the blog posts or reports by someone who can.
Should You Be Afraid of Linux Malware?
It’s a myth that Linux users don’t have to worry about viruses, but if you stick to your distro’s app stores or other trusted sources such as Flathub, you’re unlikely to stumble across anything dangerous.
No matter which operating system you use, it’s important that you adopt safe digital habits. Don’t make the mistake of believing that switching to Linux means you can download from sketchy sites without concern.
Yet for most of us, the biggest risk probably isn’t malware. If you’ve created a large number of online accounts or depend on cloud services, phishing scams are a much larger threat to your data, whether or not you use Linux.